1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.374 2022/09/17 10:33:18 djm Exp $ 37.Dd $Mdocdate: September 17 2022 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH client configuration file 43.Sh DESCRIPTION 44.Xr ssh 1 45obtains configuration data from the following sources in 46the following order: 47.Pp 48.Bl -enum -offset indent -compact 49.It 50command-line options 51.It 52user's configuration file 53.Pq Pa ~/.ssh/config 54.It 55system-wide configuration file 56.Pq Pa /etc/ssh/ssh_config 57.El 58.Pp 59For each parameter, the first obtained value 60will be used. 61The configuration files contain sections separated by 62.Cm Host 63specifications, and that section is only applied for hosts that 64match one of the patterns given in the specification. 65The matched host name is usually the one given on the command line 66(see the 67.Cm CanonicalizeHostname 68option for exceptions). 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The file contains keyword-argument pairs, one per line. 75Lines starting with 76.Ql # 77and empty lines are interpreted as comments. 78Arguments may optionally be enclosed in double quotes 79.Pq \&" 80in order to represent arguments containing spaces. 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92.Pp 93The possible 94keywords and their meanings are as follows (note that 95keywords are case-insensitive and arguments are case-sensitive): 96.Bl -tag -width Ds 97.It Cm Host 98Restricts the following declarations (up to the next 99.Cm Host 100or 101.Cm Match 102keyword) to be only for those hosts that match one of the patterns 103given after the keyword. 104If more than one pattern is provided, they should be separated by whitespace. 105A single 106.Ql * 107as a pattern can be used to provide global 108defaults for all hosts. 109The host is usually the 110.Ar hostname 111argument given on the command line 112(see the 113.Cm CanonicalizeHostname 114keyword for exceptions). 115.Pp 116A pattern entry may be negated by prefixing it with an exclamation mark 117.Pq Sq !\& . 118If a negated entry is matched, then the 119.Cm Host 120entry is ignored, regardless of whether any other patterns on the line 121match. 122Negated matches are therefore useful to provide exceptions for wildcard 123matches. 124.Pp 125See 126.Sx PATTERNS 127for more information on patterns. 128.It Cm Match 129Restricts the following declarations (up to the next 130.Cm Host 131or 132.Cm Match 133keyword) to be used only when the conditions following the 134.Cm Match 135keyword are satisfied. 136Match conditions are specified using one or more criteria 137or the single token 138.Cm all 139which always matches. 140The available criteria keywords are: 141.Cm canonical , 142.Cm final , 143.Cm exec , 144.Cm host , 145.Cm originalhost , 146.Cm user , 147and 148.Cm localuser . 149The 150.Cm all 151criteria must appear alone or immediately after 152.Cm canonical 153or 154.Cm final . 155Other criteria may be combined arbitrarily. 156All criteria but 157.Cm all , 158.Cm canonical , 159and 160.Cm final 161require an argument. 162Criteria may be negated by prepending an exclamation mark 163.Pq Sq !\& . 164.Pp 165The 166.Cm canonical 167keyword matches only when the configuration file is being re-parsed 168after hostname canonicalization (see the 169.Cm CanonicalizeHostname 170option). 171This may be useful to specify conditions that work with canonical host 172names only. 173.Pp 174The 175.Cm final 176keyword requests that the configuration be re-parsed (regardless of whether 177.Cm CanonicalizeHostname 178is enabled), and matches only during this final pass. 179If 180.Cm CanonicalizeHostname 181is enabled, then 182.Cm canonical 183and 184.Cm final 185match during the same pass. 186.Pp 187The 188.Cm exec 189keyword executes the specified command under the user's shell. 190If the command returns a zero exit status then the condition is considered true. 191Commands containing whitespace characters must be quoted. 192Arguments to 193.Cm exec 194accept the tokens described in the 195.Sx TOKENS 196section. 197.Pp 198The other keywords' criteria must be single entries or comma-separated 199lists and may use the wildcard and negation operators described in the 200.Sx PATTERNS 201section. 202The criteria for the 203.Cm host 204keyword are matched against the target hostname, after any substitution 205by the 206.Cm Hostname 207or 208.Cm CanonicalizeHostname 209options. 210The 211.Cm originalhost 212keyword matches against the hostname as it was specified on the command-line. 213The 214.Cm user 215keyword matches against the target username on the remote host. 216The 217.Cm localuser 218keyword matches against the name of the local user running 219.Xr ssh 1 220(this keyword may be useful in system-wide 221.Nm 222files). 223.It Cm AddKeysToAgent 224Specifies whether keys should be automatically added to a running 225.Xr ssh-agent 1 . 226If this option is set to 227.Cm yes 228and a key is loaded from a file, the key and its passphrase are added to 229the agent with the default lifetime, as if by 230.Xr ssh-add 1 . 231If this option is set to 232.Cm ask , 233.Xr ssh 1 234will require confirmation using the 235.Ev SSH_ASKPASS 236program before adding a key (see 237.Xr ssh-add 1 238for details). 239If this option is set to 240.Cm confirm , 241each use of the key must be confirmed, as if the 242.Fl c 243option was specified to 244.Xr ssh-add 1 . 245If this option is set to 246.Cm no , 247no keys are added to the agent. 248Alternately, this option may be specified as a time interval 249using the format described in the 250.Sx TIME FORMATS 251section of 252.Xr sshd_config 5 253to specify the key's lifetime in 254.Xr ssh-agent 1 , 255after which it will automatically be removed. 256The argument must be 257.Cm no 258(the default), 259.Cm yes , 260.Cm confirm 261(optionally followed by a time interval), 262.Cm ask 263or a time interval. 264.It Cm AddressFamily 265Specifies which address family to use when connecting. 266Valid arguments are 267.Cm any 268(the default), 269.Cm inet 270(use IPv4 only), or 271.Cm inet6 272(use IPv6 only). 273.It Cm BatchMode 274If set to 275.Cm yes , 276user interaction such as password prompts and host key confirmation requests 277will be disabled. 278This option is useful in scripts and other batch jobs where no user 279is present to interact with 280.Xr ssh 1 . 281The argument must be 282.Cm yes 283or 284.Cm no 285(the default). 286.It Cm BindAddress 287Use the specified address on the local machine as the source address of 288the connection. 289Only useful on systems with more than one address. 290.It Cm BindInterface 291Use the address of the specified interface on the local machine as the 292source address of the connection. 293.It Cm CanonicalDomains 294When 295.Cm CanonicalizeHostname 296is enabled, this option specifies the list of domain suffixes in which to 297search for the specified destination host. 298.It Cm CanonicalizeFallbackLocal 299Specifies whether to fail with an error when hostname canonicalization fails. 300The default, 301.Cm yes , 302will attempt to look up the unqualified hostname using the system resolver's 303search rules. 304A value of 305.Cm no 306will cause 307.Xr ssh 1 308to fail instantly if 309.Cm CanonicalizeHostname 310is enabled and the target hostname cannot be found in any of the domains 311specified by 312.Cm CanonicalDomains . 313.It Cm CanonicalizeHostname 314Controls whether explicit hostname canonicalization is performed. 315The default, 316.Cm no , 317is not to perform any name rewriting and let the system resolver handle all 318hostname lookups. 319If set to 320.Cm yes 321then, for connections that do not use a 322.Cm ProxyCommand 323or 324.Cm ProxyJump , 325.Xr ssh 1 326will attempt to canonicalize the hostname specified on the command line 327using the 328.Cm CanonicalDomains 329suffixes and 330.Cm CanonicalizePermittedCNAMEs 331rules. 332If 333.Cm CanonicalizeHostname 334is set to 335.Cm always , 336then canonicalization is applied to proxied connections too. 337.Pp 338If this option is enabled, then the configuration files are processed 339again using the new target name to pick up any new configuration in matching 340.Cm Host 341and 342.Cm Match 343stanzas. 344A value of 345.Cm none 346disables the use of a 347.Cm ProxyJump 348host. 349.It Cm CanonicalizeMaxDots 350Specifies the maximum number of dot characters in a hostname before 351canonicalization is disabled. 352The default, 1, 353allows a single dot (i.e. hostname.subdomain). 354.It Cm CanonicalizePermittedCNAMEs 355Specifies rules to determine whether CNAMEs should be followed when 356canonicalizing hostnames. 357The rules consist of one or more arguments of 358.Ar source_domain_list : Ns Ar target_domain_list , 359where 360.Ar source_domain_list 361is a pattern-list of domains that may follow CNAMEs in canonicalization, 362and 363.Ar target_domain_list 364is a pattern-list of domains that they may resolve to. 365.Pp 366For example, 367.Qq *.a.example.com:*.b.example.com,*.c.example.com 368will allow hostnames matching 369.Qq *.a.example.com 370to be canonicalized to names in the 371.Qq *.b.example.com 372or 373.Qq *.c.example.com 374domains. 375.Pp 376A single argument of 377.Qq none 378causes no CNAMEs to be considered for canonicalization. 379This is the default behaviour. 380.It Cm CASignatureAlgorithms 381Specifies which algorithms are allowed for signing of certificates 382by certificate authorities (CAs). 383The default is: 384.Bd -literal -offset indent 385ssh-ed25519,ecdsa-sha2-nistp256, 386ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 387sk-ssh-ed25519@openssh.com, 388sk-ecdsa-sha2-nistp256@openssh.com, 389rsa-sha2-512,rsa-sha2-256 390.Ed 391.Pp 392If the specified list begins with a 393.Sq + 394character, then the specified algorithms will be appended to the default set 395instead of replacing them. 396If the specified list begins with a 397.Sq - 398character, then the specified algorithms (including wildcards) will be removed 399from the default set instead of replacing them. 400.Pp 401.Xr ssh 1 402will not accept host certificates signed using algorithms other than those 403specified. 404.It Cm CertificateFile 405Specifies a file from which the user's certificate is read. 406A corresponding private key must be provided separately in order 407to use this certificate either 408from an 409.Cm IdentityFile 410directive or 411.Fl i 412flag to 413.Xr ssh 1 , 414via 415.Xr ssh-agent 1 , 416or via a 417.Cm PKCS11Provider 418or 419.Cm SecurityKeyProvider . 420.Pp 421Arguments to 422.Cm CertificateFile 423may use the tilde syntax to refer to a user's home directory, 424the tokens described in the 425.Sx TOKENS 426section and environment variables as described in the 427.Sx ENVIRONMENT VARIABLES 428section. 429.Pp 430It is possible to have multiple certificate files specified in 431configuration files; these certificates will be tried in sequence. 432Multiple 433.Cm CertificateFile 434directives will add to the list of certificates used for 435authentication. 436.It Cm CheckHostIP 437If set to 438.Cm yes , 439.Xr ssh 1 440will additionally check the host IP address in the 441.Pa known_hosts 442file. 443This allows it to detect if a host key changed due to DNS spoofing 444and will add addresses of destination hosts to 445.Pa ~/.ssh/known_hosts 446in the process, regardless of the setting of 447.Cm StrictHostKeyChecking . 448If the option is set to 449.Cm no 450(the default), 451the check will not be executed. 452.It Cm Ciphers 453Specifies the ciphers allowed and their order of preference. 454Multiple ciphers must be comma-separated. 455If the specified list begins with a 456.Sq + 457character, then the specified ciphers will be appended to the default set 458instead of replacing them. 459If the specified list begins with a 460.Sq - 461character, then the specified ciphers (including wildcards) will be removed 462from the default set instead of replacing them. 463If the specified list begins with a 464.Sq ^ 465character, then the specified ciphers will be placed at the head of the 466default set. 467.Pp 468The supported ciphers are: 469.Bd -literal -offset indent 4703des-cbc 471aes128-cbc 472aes192-cbc 473aes256-cbc 474aes128-ctr 475aes192-ctr 476aes256-ctr 477aes128-gcm@openssh.com 478aes256-gcm@openssh.com 479chacha20-poly1305@openssh.com 480.Ed 481.Pp 482The default is: 483.Bd -literal -offset indent 484chacha20-poly1305@openssh.com, 485aes128-ctr,aes192-ctr,aes256-ctr, 486aes128-gcm@openssh.com,aes256-gcm@openssh.com 487.Ed 488.Pp 489The list of available ciphers may also be obtained using 490.Qq ssh -Q cipher . 491.It Cm ClearAllForwardings 492Specifies that all local, remote, and dynamic port forwardings 493specified in the configuration files or on the command line be 494cleared. 495This option is primarily useful when used from the 496.Xr ssh 1 497command line to clear port forwardings set in 498configuration files, and is automatically set by 499.Xr scp 1 500and 501.Xr sftp 1 . 502The argument must be 503.Cm yes 504or 505.Cm no 506(the default). 507.It Cm Compression 508Specifies whether to use compression. 509The argument must be 510.Cm yes 511or 512.Cm no 513(the default). 514.It Cm ConnectionAttempts 515Specifies the number of tries (one per second) to make before exiting. 516The argument must be an integer. 517This may be useful in scripts if the connection sometimes fails. 518The default is 1. 519.It Cm ConnectTimeout 520Specifies the timeout (in seconds) used when connecting to the 521SSH server, instead of using the default system TCP timeout. 522This timeout is applied both to establishing the connection and to performing 523the initial SSH protocol handshake and key exchange. 524.It Cm ControlMaster 525Enables the sharing of multiple sessions over a single network connection. 526When set to 527.Cm yes , 528.Xr ssh 1 529will listen for connections on a control socket specified using the 530.Cm ControlPath 531argument. 532Additional sessions can connect to this socket using the same 533.Cm ControlPath 534with 535.Cm ControlMaster 536set to 537.Cm no 538(the default). 539These sessions will try to reuse the master instance's network connection 540rather than initiating new ones, but will fall back to connecting normally 541if the control socket does not exist, or is not listening. 542.Pp 543Setting this to 544.Cm ask 545will cause 546.Xr ssh 1 547to listen for control connections, but require confirmation using 548.Xr ssh-askpass 1 . 549If the 550.Cm ControlPath 551cannot be opened, 552.Xr ssh 1 553will continue without connecting to a master instance. 554.Pp 555X11 and 556.Xr ssh-agent 1 557forwarding is supported over these multiplexed connections, however the 558display and agent forwarded will be the one belonging to the master 559connection i.e. it is not possible to forward multiple displays or agents. 560.Pp 561Two additional options allow for opportunistic multiplexing: try to use a 562master connection but fall back to creating a new one if one does not already 563exist. 564These options are: 565.Cm auto 566and 567.Cm autoask . 568The latter requires confirmation like the 569.Cm ask 570option. 571.It Cm ControlPath 572Specify the path to the control socket used for connection sharing as described 573in the 574.Cm ControlMaster 575section above or the string 576.Cm none 577to disable connection sharing. 578Arguments to 579.Cm ControlPath 580may use the tilde syntax to refer to a user's home directory, 581the tokens described in the 582.Sx TOKENS 583section and environment variables as described in the 584.Sx ENVIRONMENT VARIABLES 585section. 586It is recommended that any 587.Cm ControlPath 588used for opportunistic connection sharing include 589at least %h, %p, and %r (or alternatively %C) and be placed in a directory 590that is not writable by other users. 591This ensures that shared connections are uniquely identified. 592.It Cm ControlPersist 593When used in conjunction with 594.Cm ControlMaster , 595specifies that the master connection should remain open 596in the background (waiting for future client connections) 597after the initial client connection has been closed. 598If set to 599.Cm no 600(the default), 601then the master connection will not be placed into the background, 602and will close as soon as the initial client connection is closed. 603If set to 604.Cm yes 605or 0, 606then the master connection will remain in the background indefinitely 607(until killed or closed via a mechanism such as the 608.Qq ssh -O exit ) . 609If set to a time in seconds, or a time in any of the formats documented in 610.Xr sshd_config 5 , 611then the backgrounded master connection will automatically terminate 612after it has remained idle (with no client connections) for the 613specified time. 614.It Cm DynamicForward 615Specifies that a TCP port on the local machine be forwarded 616over the secure channel, and the application 617protocol is then used to determine where to connect to from the 618remote machine. 619.Pp 620The argument must be 621.Sm off 622.Oo Ar bind_address : Oc Ar port . 623.Sm on 624IPv6 addresses can be specified by enclosing addresses in square brackets. 625By default, the local port is bound in accordance with the 626.Cm GatewayPorts 627setting. 628However, an explicit 629.Ar bind_address 630may be used to bind the connection to a specific address. 631The 632.Ar bind_address 633of 634.Cm localhost 635indicates that the listening port be bound for local use only, while an 636empty address or 637.Sq * 638indicates that the port should be available from all interfaces. 639.Pp 640Currently the SOCKS4 and SOCKS5 protocols are supported, and 641.Xr ssh 1 642will act as a SOCKS server. 643Multiple forwardings may be specified, and 644additional forwardings can be given on the command line. 645Only the superuser can forward privileged ports. 646.It Cm EnableSSHKeysign 647Setting this option to 648.Cm yes 649in the global client configuration file 650.Pa /etc/ssh/ssh_config 651enables the use of the helper program 652.Xr ssh-keysign 8 653during 654.Cm HostbasedAuthentication . 655The argument must be 656.Cm yes 657or 658.Cm no 659(the default). 660This option should be placed in the non-hostspecific section. 661See 662.Xr ssh-keysign 8 663for more information. 664.It Cm EscapeChar 665Sets the escape character (default: 666.Ql ~ ) . 667The escape character can also 668be set on the command line. 669The argument should be a single character, 670.Ql ^ 671followed by a letter, or 672.Cm none 673to disable the escape 674character entirely (making the connection transparent for binary 675data). 676.It Cm ExitOnForwardFailure 677Specifies whether 678.Xr ssh 1 679should terminate the connection if it cannot set up all requested 680dynamic, tunnel, local, and remote port forwardings, (e.g.\& 681if either end is unable to bind and listen on a specified port). 682Note that 683.Cm ExitOnForwardFailure 684does not apply to connections made over port forwardings and will not, 685for example, cause 686.Xr ssh 1 687to exit if TCP connections to the ultimate forwarding destination fail. 688The argument must be 689.Cm yes 690or 691.Cm no 692(the default). 693.It Cm FingerprintHash 694Specifies the hash algorithm used when displaying key fingerprints. 695Valid options are: 696.Cm md5 697and 698.Cm sha256 699(the default). 700.It Cm ForkAfterAuthentication 701Requests 702.Nm ssh 703to go to background just before command execution. 704This is useful if 705.Nm ssh 706is going to ask for passwords or passphrases, but the user 707wants it in the background. 708This implies the 709.Cm StdinNull 710configuration option being set to 711.Dq yes . 712The recommended way to start X11 programs at a remote site is with 713something like 714.Ic ssh -f host xterm , 715which is the same as 716.Ic ssh host xterm 717if the 718.Cm ForkAfterAuthentication 719configuration option is set to 720.Dq yes . 721.Pp 722If the 723.Cm ExitOnForwardFailure 724configuration option is set to 725.Dq yes , 726then a client started with the 727.Cm ForkAfterAuthentication 728configuration option being set to 729.Dq yes 730will wait for all remote port forwards to be successfully established 731before placing itself in the background. 732The argument to this keyword must be 733.Cm yes 734(same as the 735.Fl f 736option) or 737.Cm no 738(the default). 739.It Cm ForwardAgent 740Specifies whether the connection to the authentication agent (if any) 741will be forwarded to the remote machine. 742The argument may be 743.Cm yes , 744.Cm no 745(the default), 746an explicit path to an agent socket or the name of an environment variable 747(beginning with 748.Sq $ ) 749in which to find the path. 750.Pp 751Agent forwarding should be enabled with caution. 752Users with the ability to bypass file permissions on the remote host 753(for the agent's Unix-domain socket) 754can access the local agent through the forwarded connection. 755An attacker cannot obtain key material from the agent, 756however they can perform operations on the keys that enable them to 757authenticate using the identities loaded into the agent. 758.It Cm ForwardX11 759Specifies whether X11 connections will be automatically redirected 760over the secure channel and 761.Ev DISPLAY 762set. 763The argument must be 764.Cm yes 765or 766.Cm no 767(the default). 768.Pp 769X11 forwarding should be enabled with caution. 770Users with the ability to bypass file permissions on the remote host 771(for the user's X11 authorization database) 772can access the local X11 display through the forwarded connection. 773An attacker may then be able to perform activities such as keystroke monitoring 774if the 775.Cm ForwardX11Trusted 776option is also enabled. 777.It Cm ForwardX11Timeout 778Specify a timeout for untrusted X11 forwarding 779using the format described in the 780.Sx TIME FORMATS 781section of 782.Xr sshd_config 5 . 783X11 connections received by 784.Xr ssh 1 785after this time will be refused. 786Setting 787.Cm ForwardX11Timeout 788to zero will disable the timeout and permit X11 forwarding for the life 789of the connection. 790The default is to disable untrusted X11 forwarding after twenty minutes has 791elapsed. 792.It Cm ForwardX11Trusted 793If this option is set to 794.Cm yes , 795remote X11 clients will have full access to the original X11 display. 796.Pp 797If this option is set to 798.Cm no 799(the default), 800remote X11 clients will be considered untrusted and prevented 801from stealing or tampering with data belonging to trusted X11 802clients. 803Furthermore, the 804.Xr xauth 1 805token used for the session will be set to expire after 20 minutes. 806Remote clients will be refused access after this time. 807.Pp 808See the X11 SECURITY extension specification for full details on 809the restrictions imposed on untrusted clients. 810.It Cm GatewayPorts 811Specifies whether remote hosts are allowed to connect to local 812forwarded ports. 813By default, 814.Xr ssh 1 815binds local port forwardings to the loopback address. 816This prevents other remote hosts from connecting to forwarded ports. 817.Cm GatewayPorts 818can be used to specify that ssh 819should bind local port forwardings to the wildcard address, 820thus allowing remote hosts to connect to forwarded ports. 821The argument must be 822.Cm yes 823or 824.Cm no 825(the default). 826.It Cm GlobalKnownHostsFile 827Specifies one or more files to use for the global 828host key database, separated by whitespace. 829The default is 830.Pa /etc/ssh/ssh_known_hosts , 831.Pa /etc/ssh/ssh_known_hosts2 . 832.It Cm GSSAPIAuthentication 833Specifies whether user authentication based on GSSAPI is allowed. 834The default is 835.Cm no . 836.It Cm GSSAPIDelegateCredentials 837Forward (delegate) credentials to the server. 838The default is 839.Cm no . 840.It Cm HashKnownHosts 841Indicates that 842.Xr ssh 1 843should hash host names and addresses when they are added to 844.Pa ~/.ssh/known_hosts . 845These hashed names may be used normally by 846.Xr ssh 1 847and 848.Xr sshd 8 , 849but they do not visually reveal identifying information if the 850file's contents are disclosed. 851The default is 852.Cm no . 853Note that existing names and addresses in known hosts files 854will not be converted automatically, 855but may be manually hashed using 856.Xr ssh-keygen 1 . 857.It Cm HostbasedAcceptedAlgorithms 858Specifies the signature algorithms that will be used for hostbased 859authentication as a comma-separated list of patterns. 860Alternately if the specified list begins with a 861.Sq + 862character, then the specified signature algorithms will be appended 863to the default set instead of replacing them. 864If the specified list begins with a 865.Sq - 866character, then the specified signature algorithms (including wildcards) 867will be removed from the default set instead of replacing them. 868If the specified list begins with a 869.Sq ^ 870character, then the specified signature algorithms will be placed 871at the head of the default set. 872The default for this option is: 873.Bd -literal -offset 3n 874ssh-ed25519-cert-v01@openssh.com, 875ecdsa-sha2-nistp256-cert-v01@openssh.com, 876ecdsa-sha2-nistp384-cert-v01@openssh.com, 877ecdsa-sha2-nistp521-cert-v01@openssh.com, 878sk-ssh-ed25519-cert-v01@openssh.com, 879sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 880rsa-sha2-512-cert-v01@openssh.com, 881rsa-sha2-256-cert-v01@openssh.com, 882ssh-ed25519, 883ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 884sk-ssh-ed25519@openssh.com, 885sk-ecdsa-sha2-nistp256@openssh.com, 886rsa-sha2-512,rsa-sha2-256 887.Ed 888.Pp 889The 890.Fl Q 891option of 892.Xr ssh 1 893may be used to list supported signature algorithms. 894This was formerly named HostbasedKeyTypes. 895.It Cm HostbasedAuthentication 896Specifies whether to try rhosts based authentication with public key 897authentication. 898The argument must be 899.Cm yes 900or 901.Cm no 902(the default). 903.It Cm HostKeyAlgorithms 904Specifies the host key signature algorithms 905that the client wants to use in order of preference. 906Alternately if the specified list begins with a 907.Sq + 908character, then the specified signature algorithms will be appended to 909the default set instead of replacing them. 910If the specified list begins with a 911.Sq - 912character, then the specified signature algorithms (including wildcards) 913will be removed from the default set instead of replacing them. 914If the specified list begins with a 915.Sq ^ 916character, then the specified signature algorithms will be placed 917at the head of the default set. 918The default for this option is: 919.Bd -literal -offset 3n 920ssh-ed25519-cert-v01@openssh.com, 921ecdsa-sha2-nistp256-cert-v01@openssh.com, 922ecdsa-sha2-nistp384-cert-v01@openssh.com, 923ecdsa-sha2-nistp521-cert-v01@openssh.com, 924sk-ssh-ed25519-cert-v01@openssh.com, 925sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 926rsa-sha2-512-cert-v01@openssh.com, 927rsa-sha2-256-cert-v01@openssh.com, 928ssh-ed25519, 929ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 930sk-ecdsa-sha2-nistp256@openssh.com, 931sk-ssh-ed25519@openssh.com, 932rsa-sha2-512,rsa-sha2-256 933.Ed 934.Pp 935If hostkeys are known for the destination host then this default is modified 936to prefer their algorithms. 937.Pp 938The list of available signature algorithms may also be obtained using 939.Qq ssh -Q HostKeyAlgorithms . 940.It Cm HostKeyAlias 941Specifies an alias that should be used instead of the 942real host name when looking up or saving the host key 943in the host key database files and when validating host certificates. 944This option is useful for tunneling SSH connections 945or for multiple servers running on a single host. 946.It Cm Hostname 947Specifies the real host name to log into. 948This can be used to specify nicknames or abbreviations for hosts. 949Arguments to 950.Cm Hostname 951accept the tokens described in the 952.Sx TOKENS 953section. 954Numeric IP addresses are also permitted (both on the command line and in 955.Cm Hostname 956specifications). 957The default is the name given on the command line. 958.It Cm IdentitiesOnly 959Specifies that 960.Xr ssh 1 961should only use the configured authentication identity and certificate files 962(either the default files, or those explicitly configured in the 963.Nm 964files 965or passed on the 966.Xr ssh 1 967command-line), 968even if 969.Xr ssh-agent 1 970or a 971.Cm PKCS11Provider 972or 973.Cm SecurityKeyProvider 974offers more identities. 975The argument to this keyword must be 976.Cm yes 977or 978.Cm no 979(the default). 980This option is intended for situations where ssh-agent 981offers many different identities. 982.It Cm IdentityAgent 983Specifies the 984.Ux Ns -domain 985socket used to communicate with the authentication agent. 986.Pp 987This option overrides the 988.Ev SSH_AUTH_SOCK 989environment variable and can be used to select a specific agent. 990Setting the socket name to 991.Cm none 992disables the use of an authentication agent. 993If the string 994.Qq SSH_AUTH_SOCK 995is specified, the location of the socket will be read from the 996.Ev SSH_AUTH_SOCK 997environment variable. 998Otherwise if the specified value begins with a 999.Sq $ 1000character, then it will be treated as an environment variable containing 1001the location of the socket. 1002.Pp 1003Arguments to 1004.Cm IdentityAgent 1005may use the tilde syntax to refer to a user's home directory, 1006the tokens described in the 1007.Sx TOKENS 1008section and environment variables as described in the 1009.Sx ENVIRONMENT VARIABLES 1010section. 1011.It Cm IdentityFile 1012Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, 1013Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. 1014The default is 1015.Pa ~/.ssh/id_rsa , 1016.Pa ~/.ssh/id_ecdsa , 1017.Pa ~/.ssh/id_ecdsa_sk , 1018.Pa ~/.ssh/id_ed25519 , 1019.Pa ~/.ssh/id_ed25519_sk 1020and 1021.Pa ~/.ssh/id_dsa . 1022Additionally, any identities represented by the authentication agent 1023will be used for authentication unless 1024.Cm IdentitiesOnly 1025is set. 1026If no certificates have been explicitly specified by 1027.Cm CertificateFile , 1028.Xr ssh 1 1029will try to load certificate information from the filename obtained by 1030appending 1031.Pa -cert.pub 1032to the path of a specified 1033.Cm IdentityFile . 1034.Pp 1035Arguments to 1036.Cm IdentityFile 1037may use the tilde syntax to refer to a user's home directory 1038or the tokens described in the 1039.Sx TOKENS 1040section. 1041.Pp 1042It is possible to have 1043multiple identity files specified in configuration files; all these 1044identities will be tried in sequence. 1045Multiple 1046.Cm IdentityFile 1047directives will add to the list of identities tried (this behaviour 1048differs from that of other configuration directives). 1049.Pp 1050.Cm IdentityFile 1051may be used in conjunction with 1052.Cm IdentitiesOnly 1053to select which identities in an agent are offered during authentication. 1054.Cm IdentityFile 1055may also be used in conjunction with 1056.Cm CertificateFile 1057in order to provide any certificate also needed for authentication with 1058the identity. 1059.It Cm IgnoreUnknown 1060Specifies a pattern-list of unknown options to be ignored if they are 1061encountered in configuration parsing. 1062This may be used to suppress errors if 1063.Nm 1064contains options that are unrecognised by 1065.Xr ssh 1 . 1066It is recommended that 1067.Cm IgnoreUnknown 1068be listed early in the configuration file as it will not be applied 1069to unknown options that appear before it. 1070.It Cm Include 1071Include the specified configuration file(s). 1072Multiple pathnames may be specified and each pathname may contain 1073.Xr glob 7 1074wildcards and, for user configurations, shell-like 1075.Sq ~ 1076references to user home directories. 1077Wildcards will be expanded and processed in lexical order. 1078Files without absolute paths are assumed to be in 1079.Pa ~/.ssh 1080if included in a user configuration file or 1081.Pa /etc/ssh 1082if included from the system configuration file. 1083.Cm Include 1084directive may appear inside a 1085.Cm Match 1086or 1087.Cm Host 1088block 1089to perform conditional inclusion. 1090.It Cm IPQoS 1091Specifies the IPv4 type-of-service or DSCP class for connections. 1092Accepted values are 1093.Cm af11 , 1094.Cm af12 , 1095.Cm af13 , 1096.Cm af21 , 1097.Cm af22 , 1098.Cm af23 , 1099.Cm af31 , 1100.Cm af32 , 1101.Cm af33 , 1102.Cm af41 , 1103.Cm af42 , 1104.Cm af43 , 1105.Cm cs0 , 1106.Cm cs1 , 1107.Cm cs2 , 1108.Cm cs3 , 1109.Cm cs4 , 1110.Cm cs5 , 1111.Cm cs6 , 1112.Cm cs7 , 1113.Cm ef , 1114.Cm le , 1115.Cm lowdelay , 1116.Cm throughput , 1117.Cm reliability , 1118a numeric value, or 1119.Cm none 1120to use the operating system default. 1121This option may take one or two arguments, separated by whitespace. 1122If one argument is specified, it is used as the packet class unconditionally. 1123If two values are specified, the first is automatically selected for 1124interactive sessions and the second for non-interactive sessions. 1125The default is 1126.Cm af21 1127(Low-Latency Data) 1128for interactive sessions and 1129.Cm cs1 1130(Lower Effort) 1131for non-interactive sessions. 1132.It Cm KbdInteractiveAuthentication 1133Specifies whether to use keyboard-interactive authentication. 1134The argument to this keyword must be 1135.Cm yes 1136(the default) 1137or 1138.Cm no . 1139.Cm ChallengeResponseAuthentication 1140is a deprecated alias for this. 1141.It Cm KbdInteractiveDevices 1142Specifies the list of methods to use in keyboard-interactive authentication. 1143Multiple method names must be comma-separated. 1144The default is to use the server specified list. 1145The methods available vary depending on what the server supports. 1146For an OpenSSH server, 1147it may be zero or more of: 1148.Cm bsdauth 1149and 1150.Cm pam . 1151.It Cm KexAlgorithms 1152Specifies the available KEX (Key Exchange) algorithms. 1153Multiple algorithms must be comma-separated. 1154If the specified list begins with a 1155.Sq + 1156character, then the specified algorithms will be appended to the default set 1157instead of replacing them. 1158If the specified list begins with a 1159.Sq - 1160character, then the specified algorithms (including wildcards) will be removed 1161from the default set instead of replacing them. 1162If the specified list begins with a 1163.Sq ^ 1164character, then the specified algorithms will be placed at the head of the 1165default set. 1166The default is: 1167.Bd -literal -offset indent 1168sntrup761x25519-sha512@openssh.com, 1169curve25519-sha256,curve25519-sha256@libssh.org, 1170ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1171diffie-hellman-group-exchange-sha256, 1172diffie-hellman-group16-sha512, 1173diffie-hellman-group18-sha512, 1174diffie-hellman-group14-sha256 1175.Ed 1176.Pp 1177The list of available key exchange algorithms may also be obtained using 1178.Qq ssh -Q kex . 1179.It Cm KnownHostsCommand 1180Specifies a command to use to obtain a list of host keys, in addition to 1181those listed in 1182.Cm UserKnownHostsFile 1183and 1184.Cm GlobalKnownHostsFile . 1185This command is executed after the files have been read. 1186It may write host key lines to standard output in identical format to the 1187usual files (described in the 1188.Sx VERIFYING HOST KEYS 1189section in 1190.Xr ssh 1 ) . 1191Arguments to 1192.Cm KnownHostsCommand 1193accept the tokens described in the 1194.Sx TOKENS 1195section. 1196The command may be invoked multiple times per connection: once when preparing 1197the preference list of host key algorithms to use, again to obtain the 1198host key for the requested host name and, if 1199.Cm CheckHostIP 1200is enabled, one more time to obtain the host key matching the server's 1201address. 1202If the command exits abnormally or returns a non-zero exit status then the 1203connection is terminated. 1204.It Cm LocalCommand 1205Specifies a command to execute on the local machine after successfully 1206connecting to the server. 1207The command string extends to the end of the line, and is executed with 1208the user's shell. 1209Arguments to 1210.Cm LocalCommand 1211accept the tokens described in the 1212.Sx TOKENS 1213section. 1214.Pp 1215The command is run synchronously and does not have access to the 1216session of the 1217.Xr ssh 1 1218that spawned it. 1219It should not be used for interactive commands. 1220.Pp 1221This directive is ignored unless 1222.Cm PermitLocalCommand 1223has been enabled. 1224.It Cm LocalForward 1225Specifies that a TCP port on the local machine be forwarded over 1226the secure channel to the specified host and port from the remote machine. 1227The first argument specifies the listener and may be 1228.Sm off 1229.Oo Ar bind_address : Oc Ar port 1230.Sm on 1231or a Unix domain socket path. 1232The second argument is the destination and may be 1233.Ar host : Ns Ar hostport 1234or a Unix domain socket path if the remote host supports it. 1235.Pp 1236IPv6 addresses can be specified by enclosing addresses in square brackets. 1237Multiple forwardings may be specified, and additional forwardings can be 1238given on the command line. 1239Only the superuser can forward privileged ports. 1240By default, the local port is bound in accordance with the 1241.Cm GatewayPorts 1242setting. 1243However, an explicit 1244.Ar bind_address 1245may be used to bind the connection to a specific address. 1246The 1247.Ar bind_address 1248of 1249.Cm localhost 1250indicates that the listening port be bound for local use only, while an 1251empty address or 1252.Sq * 1253indicates that the port should be available from all interfaces. 1254Unix domain socket paths may use the tokens described in the 1255.Sx TOKENS 1256section and environment variables as described in the 1257.Sx ENVIRONMENT VARIABLES 1258section. 1259.It Cm LogLevel 1260Gives the verbosity level that is used when logging messages from 1261.Xr ssh 1 . 1262The possible values are: 1263QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1264The default is INFO. 1265DEBUG and DEBUG1 are equivalent. 1266DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1267.It Cm LogVerbose 1268Specify one or more overrides to LogLevel. 1269An override consists of a pattern lists that matches the source file, function 1270and line number to force detailed logging for. 1271For example, an override pattern of: 1272.Bd -literal -offset indent 1273kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* 1274.Ed 1275.Pp 1276would enable detailed logging for line 1000 of 1277.Pa kex.c , 1278everything in the 1279.Fn kex_exchange_identification 1280function, and all code in the 1281.Pa packet.c 1282file. 1283This option is intended for debugging and no overrides are enabled by default. 1284.It Cm MACs 1285Specifies the MAC (message authentication code) algorithms 1286in order of preference. 1287The MAC algorithm is used for data integrity protection. 1288Multiple algorithms must be comma-separated. 1289If the specified list begins with a 1290.Sq + 1291character, then the specified algorithms will be appended to the default set 1292instead of replacing them. 1293If the specified list begins with a 1294.Sq - 1295character, then the specified algorithms (including wildcards) will be removed 1296from the default set instead of replacing them. 1297If the specified list begins with a 1298.Sq ^ 1299character, then the specified algorithms will be placed at the head of the 1300default set. 1301.Pp 1302The algorithms that contain 1303.Qq -etm 1304calculate the MAC after encryption (encrypt-then-mac). 1305These are considered safer and their use recommended. 1306.Pp 1307The default is: 1308.Bd -literal -offset indent 1309umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1310hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1311hmac-sha1-etm@openssh.com, 1312umac-64@openssh.com,umac-128@openssh.com, 1313hmac-sha2-256,hmac-sha2-512,hmac-sha1 1314.Ed 1315.Pp 1316The list of available MAC algorithms may also be obtained using 1317.Qq ssh -Q mac . 1318.It Cm NoHostAuthenticationForLocalhost 1319Disable host authentication for localhost (loopback addresses). 1320The argument to this keyword must be 1321.Cm yes 1322or 1323.Cm no 1324(the default). 1325.It Cm NumberOfPasswordPrompts 1326Specifies the number of password prompts before giving up. 1327The argument to this keyword must be an integer. 1328The default is 3. 1329.It Cm PasswordAuthentication 1330Specifies whether to use password authentication. 1331The argument to this keyword must be 1332.Cm yes 1333(the default) 1334or 1335.Cm no . 1336.It Cm PermitLocalCommand 1337Allow local command execution via the 1338.Ic LocalCommand 1339option or using the 1340.Ic !\& Ns Ar command 1341escape sequence in 1342.Xr ssh 1 . 1343The argument must be 1344.Cm yes 1345or 1346.Cm no 1347(the default). 1348.It Cm PermitRemoteOpen 1349Specifies the destinations to which remote TCP port forwarding is permitted when 1350.Cm RemoteForward 1351is used as a SOCKS proxy. 1352The forwarding specification must be one of the following forms: 1353.Pp 1354.Bl -item -offset indent -compact 1355.It 1356.Cm PermitRemoteOpen 1357.Sm off 1358.Ar host : port 1359.Sm on 1360.It 1361.Cm PermitRemoteOpen 1362.Sm off 1363.Ar IPv4_addr : port 1364.Sm on 1365.It 1366.Cm PermitRemoteOpen 1367.Sm off 1368.Ar \&[ IPv6_addr \&] : port 1369.Sm on 1370.El 1371.Pp 1372Multiple forwards may be specified by separating them with whitespace. 1373An argument of 1374.Cm any 1375can be used to remove all restrictions and permit any forwarding requests. 1376An argument of 1377.Cm none 1378can be used to prohibit all forwarding requests. 1379The wildcard 1380.Sq * 1381can be used for host or port to allow all hosts or ports respectively. 1382Otherwise, no pattern matching or address lookups are performed on supplied 1383names. 1384.It Cm PKCS11Provider 1385Specifies which PKCS#11 provider to use or 1386.Cm none 1387to indicate that no provider should be used (the default). 1388The argument to this keyword is a path to the PKCS#11 shared library 1389.Xr ssh 1 1390should use to communicate with a PKCS#11 token providing keys for user 1391authentication. 1392.It Cm Port 1393Specifies the port number to connect on the remote host. 1394The default is 22. 1395.It Cm PreferredAuthentications 1396Specifies the order in which the client should try authentication methods. 1397This allows a client to prefer one method (e.g.\& 1398.Cm keyboard-interactive ) 1399over another method (e.g.\& 1400.Cm password ) . 1401The default is: 1402.Bd -literal -offset indent 1403gssapi-with-mic,hostbased,publickey, 1404keyboard-interactive,password 1405.Ed 1406.It Cm ProxyCommand 1407Specifies the command to use to connect to the server. 1408The command 1409string extends to the end of the line, and is executed 1410using the user's shell 1411.Ql exec 1412directive to avoid a lingering shell process. 1413.Pp 1414Arguments to 1415.Cm ProxyCommand 1416accept the tokens described in the 1417.Sx TOKENS 1418section. 1419The command can be basically anything, 1420and should read from its standard input and write to its standard output. 1421It should eventually connect an 1422.Xr sshd 8 1423server running on some machine, or execute 1424.Ic sshd -i 1425somewhere. 1426Host key management will be done using the 1427.Cm Hostname 1428of the host being connected (defaulting to the name typed by the user). 1429Setting the command to 1430.Cm none 1431disables this option entirely. 1432Note that 1433.Cm CheckHostIP 1434is not available for connects with a proxy command. 1435.Pp 1436This directive is useful in conjunction with 1437.Xr nc 1 1438and its proxy support. 1439For example, the following directive would connect via an HTTP proxy at 1440192.0.2.0: 1441.Bd -literal -offset 3n 1442ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1443.Ed 1444.It Cm ProxyJump 1445Specifies one or more jump proxies as either 1446.Xo 1447.Sm off 1448.Op Ar user No @ 1449.Ar host 1450.Op : Ns Ar port 1451.Sm on 1452or an ssh URI 1453.Xc . 1454Multiple proxies may be separated by comma characters and will be visited 1455sequentially. 1456Setting this option will cause 1457.Xr ssh 1 1458to connect to the target host by first making a 1459.Xr ssh 1 1460connection to the specified 1461.Cm ProxyJump 1462host and then establishing a 1463TCP forwarding to the ultimate target from there. 1464Setting the host to 1465.Cm none 1466disables this option entirely. 1467.Pp 1468Note that this option will compete with the 1469.Cm ProxyCommand 1470option - whichever is specified first will prevent later instances of the 1471other from taking effect. 1472.Pp 1473Note also that the configuration for the destination host (either supplied 1474via the command-line or the configuration file) is not generally applied 1475to jump hosts. 1476.Pa ~/.ssh/config 1477should be used if specific configuration is required for jump hosts. 1478.It Cm ProxyUseFdpass 1479Specifies that 1480.Cm ProxyCommand 1481will pass a connected file descriptor back to 1482.Xr ssh 1 1483instead of continuing to execute and pass data. 1484The default is 1485.Cm no . 1486.It Cm PubkeyAcceptedAlgorithms 1487Specifies the signature algorithms that will be used for public key 1488authentication as a comma-separated list of patterns. 1489If the specified list begins with a 1490.Sq + 1491character, then the algorithms after it will be appended to the default 1492instead of replacing it. 1493If the specified list begins with a 1494.Sq - 1495character, then the specified algorithms (including wildcards) will be removed 1496from the default set instead of replacing them. 1497If the specified list begins with a 1498.Sq ^ 1499character, then the specified algorithms will be placed at the head of the 1500default set. 1501The default for this option is: 1502.Bd -literal -offset 3n 1503ssh-ed25519-cert-v01@openssh.com, 1504ecdsa-sha2-nistp256-cert-v01@openssh.com, 1505ecdsa-sha2-nistp384-cert-v01@openssh.com, 1506ecdsa-sha2-nistp521-cert-v01@openssh.com, 1507sk-ssh-ed25519-cert-v01@openssh.com, 1508sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 1509rsa-sha2-512-cert-v01@openssh.com, 1510rsa-sha2-256-cert-v01@openssh.com, 1511ssh-ed25519, 1512ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1513sk-ssh-ed25519@openssh.com, 1514sk-ecdsa-sha2-nistp256@openssh.com, 1515rsa-sha2-512,rsa-sha2-256 1516.Ed 1517.Pp 1518The list of available signature algorithms may also be obtained using 1519.Qq ssh -Q PubkeyAcceptedAlgorithms . 1520.It Cm PubkeyAuthentication 1521Specifies whether to try public key authentication. 1522The argument to this keyword must be 1523.Cm yes 1524(the default), 1525.Cm no , 1526.Cm unbound 1527or 1528.Cm host-bound . 1529The final two options enable public key authentication while respectively 1530disabling or enabling the OpenSSH host-bound authentication protocol 1531extension required for restricted 1532.Xr ssh-agent 1 1533forwarding. 1534.It Cm RekeyLimit 1535Specifies the maximum amount of data that may be transmitted or received 1536before the session key is renegotiated, optionally followed by a maximum 1537amount of time that may pass before the session key is renegotiated. 1538The first argument is specified in bytes and may have a suffix of 1539.Sq K , 1540.Sq M , 1541or 1542.Sq G 1543to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1544The default is between 1545.Sq 1G 1546and 1547.Sq 4G , 1548depending on the cipher. 1549The optional second value is specified in seconds and may use any of the 1550units documented in the TIME FORMATS section of 1551.Xr sshd_config 5 . 1552The default value for 1553.Cm RekeyLimit 1554is 1555.Cm default none , 1556which means that rekeying is performed after the cipher's default amount 1557of data has been sent or received and no time based rekeying is done. 1558.It Cm RemoteCommand 1559Specifies a command to execute on the remote machine after successfully 1560connecting to the server. 1561The command string extends to the end of the line, and is executed with 1562the user's shell. 1563Arguments to 1564.Cm RemoteCommand 1565accept the tokens described in the 1566.Sx TOKENS 1567section. 1568.It Cm RemoteForward 1569Specifies that a TCP port on the remote machine be forwarded over 1570the secure channel. 1571The remote port may either be forwarded to a specified host and port 1572from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote 1573client to connect to arbitrary destinations from the local machine. 1574The first argument is the listening specification and may be 1575.Sm off 1576.Oo Ar bind_address : Oc Ar port 1577.Sm on 1578or, if the remote host supports it, a Unix domain socket path. 1579If forwarding to a specific destination then the second argument must be 1580.Ar host : Ns Ar hostport 1581or a Unix domain socket path, 1582otherwise if no destination argument is specified then the remote forwarding 1583will be established as a SOCKS proxy. 1584When acting as a SOCKS proxy, the destination of the connection can be 1585restricted by 1586.Cm PermitRemoteOpen . 1587.Pp 1588IPv6 addresses can be specified by enclosing addresses in square brackets. 1589Multiple forwardings may be specified, and additional 1590forwardings can be given on the command line. 1591Privileged ports can be forwarded only when 1592logging in as root on the remote machine. 1593Unix domain socket paths may use the tokens described in the 1594.Sx TOKENS 1595section and environment variables as described in the 1596.Sx ENVIRONMENT VARIABLES 1597section. 1598.Pp 1599If the 1600.Ar port 1601argument is 0, 1602the listen port will be dynamically allocated on the server and reported 1603to the client at run time. 1604.Pp 1605If the 1606.Ar bind_address 1607is not specified, the default is to only bind to loopback addresses. 1608If the 1609.Ar bind_address 1610is 1611.Ql * 1612or an empty string, then the forwarding is requested to listen on all 1613interfaces. 1614Specifying a remote 1615.Ar bind_address 1616will only succeed if the server's 1617.Cm GatewayPorts 1618option is enabled (see 1619.Xr sshd_config 5 ) . 1620.It Cm RequestTTY 1621Specifies whether to request a pseudo-tty for the session. 1622The argument may be one of: 1623.Cm no 1624(never request a TTY), 1625.Cm yes 1626(always request a TTY when standard input is a TTY), 1627.Cm force 1628(always request a TTY) or 1629.Cm auto 1630(request a TTY when opening a login session). 1631This option mirrors the 1632.Fl t 1633and 1634.Fl T 1635flags for 1636.Xr ssh 1 . 1637.It Cm RequiredRSASize 1638Specifies the minimum RSA key size (in bits) that 1639.Xr ssh 1 1640will accept. 1641User authentication keys smaller than this limit will be ignored. 1642Servers that present host keys smaller than this limit will cause the 1643connection to be terminated. 1644The default is 1645.Cm 1024 1646bits. 1647Note that this limit may only be raised from the default. 1648.It Cm RevokedHostKeys 1649Specifies revoked host public keys. 1650Keys listed in this file will be refused for host authentication. 1651Note that if this file does not exist or is not readable, 1652then host authentication will be refused for all hosts. 1653Keys may be specified as a text file, listing one public key per line, or as 1654an OpenSSH Key Revocation List (KRL) as generated by 1655.Xr ssh-keygen 1 . 1656For more information on KRLs, see the KEY REVOCATION LISTS section in 1657.Xr ssh-keygen 1 . 1658.It Cm SecurityKeyProvider 1659Specifies a path to a library that will be used when loading any 1660FIDO authenticator-hosted keys, overriding the default of using 1661the built-in USB HID support. 1662.Pp 1663If the specified value begins with a 1664.Sq $ 1665character, then it will be treated as an environment variable containing 1666the path to the library. 1667.It Cm SendEnv 1668Specifies what variables from the local 1669.Xr environ 7 1670should be sent to the server. 1671The server must also support it, and the server must be configured to 1672accept these environment variables. 1673Note that the 1674.Ev TERM 1675environment variable is always sent whenever a 1676pseudo-terminal is requested as it is required by the protocol. 1677Refer to 1678.Cm AcceptEnv 1679in 1680.Xr sshd_config 5 1681for how to configure the server. 1682Variables are specified by name, which may contain wildcard characters. 1683Multiple environment variables may be separated by whitespace or spread 1684across multiple 1685.Cm SendEnv 1686directives. 1687.Pp 1688See 1689.Sx PATTERNS 1690for more information on patterns. 1691.Pp 1692It is possible to clear previously set 1693.Cm SendEnv 1694variable names by prefixing patterns with 1695.Pa - . 1696The default is not to send any environment variables. 1697.It Cm ServerAliveCountMax 1698Sets the number of server alive messages (see below) which may be 1699sent without 1700.Xr ssh 1 1701receiving any messages back from the server. 1702If this threshold is reached while server alive messages are being sent, 1703ssh will disconnect from the server, terminating the session. 1704It is important to note that the use of server alive messages is very 1705different from 1706.Cm TCPKeepAlive 1707(below). 1708The server alive messages are sent through the encrypted channel 1709and therefore will not be spoofable. 1710The TCP keepalive option enabled by 1711.Cm TCPKeepAlive 1712is spoofable. 1713The server alive mechanism is valuable when the client or 1714server depend on knowing when a connection has become unresponsive. 1715.Pp 1716The default value is 3. 1717If, for example, 1718.Cm ServerAliveInterval 1719(see below) is set to 15 and 1720.Cm ServerAliveCountMax 1721is left at the default, if the server becomes unresponsive, 1722ssh will disconnect after approximately 45 seconds. 1723.It Cm ServerAliveInterval 1724Sets a timeout interval in seconds after which if no data has been received 1725from the server, 1726.Xr ssh 1 1727will send a message through the encrypted 1728channel to request a response from the server. 1729The default 1730is 0, indicating that these messages will not be sent to the server. 1731.It Cm SessionType 1732May be used to either request invocation of a subsystem on the remote system, 1733or to prevent the execution of a remote command at all. 1734The latter is useful for just forwarding ports. 1735The argument to this keyword must be 1736.Cm none 1737(same as the 1738.Fl N 1739option), 1740.Cm subsystem 1741(same as the 1742.Fl s 1743option) or 1744.Cm default 1745(shell or command execution). 1746.It Cm SetEnv 1747Directly specify one or more environment variables and their contents to 1748be sent to the server. 1749Similarly to 1750.Cm SendEnv , 1751with the exception of the 1752.Ev TERM 1753variable, the server must be prepared to accept the environment variable. 1754.It Cm StdinNull 1755Redirects stdin from 1756.Pa /dev/null 1757(actually, prevents reading from stdin). 1758Either this or the equivalent 1759.Fl n 1760option must be used when 1761.Nm ssh 1762is run in the background. 1763The argument to this keyword must be 1764.Cm yes 1765(same as the 1766.Fl n 1767option) or 1768.Cm no 1769(the default). 1770.It Cm StreamLocalBindMask 1771Sets the octal file creation mode mask 1772.Pq umask 1773used when creating a Unix-domain socket file for local or remote 1774port forwarding. 1775This option is only used for port forwarding to a Unix-domain socket file. 1776.Pp 1777The default value is 0177, which creates a Unix-domain socket file that is 1778readable and writable only by the owner. 1779Note that not all operating systems honor the file mode on Unix-domain 1780socket files. 1781.It Cm StreamLocalBindUnlink 1782Specifies whether to remove an existing Unix-domain socket file for local 1783or remote port forwarding before creating a new one. 1784If the socket file already exists and 1785.Cm StreamLocalBindUnlink 1786is not enabled, 1787.Nm ssh 1788will be unable to forward the port to the Unix-domain socket file. 1789This option is only used for port forwarding to a Unix-domain socket file. 1790.Pp 1791The argument must be 1792.Cm yes 1793or 1794.Cm no 1795(the default). 1796.It Cm StrictHostKeyChecking 1797If this flag is set to 1798.Cm yes , 1799.Xr ssh 1 1800will never automatically add host keys to the 1801.Pa ~/.ssh/known_hosts 1802file, and refuses to connect to hosts whose host key has changed. 1803This provides maximum protection against man-in-the-middle (MITM) attacks, 1804though it can be annoying when the 1805.Pa /etc/ssh/ssh_known_hosts 1806file is poorly maintained or when connections to new hosts are 1807frequently made. 1808This option forces the user to manually 1809add all new hosts. 1810.Pp 1811If this flag is set to 1812.Cm accept-new 1813then ssh will automatically add new host keys to the user's 1814.Pa known_hosts 1815file, but will not permit connections to hosts with 1816changed host keys. 1817If this flag is set to 1818.Cm no 1819or 1820.Cm off , 1821ssh will automatically add new host keys to the user known hosts files 1822and allow connections to hosts with changed hostkeys to proceed, 1823subject to some restrictions. 1824If this flag is set to 1825.Cm ask 1826(the default), 1827new host keys 1828will be added to the user known host files only after the user 1829has confirmed that is what they really want to do, and 1830ssh will refuse to connect to hosts whose host key has changed. 1831The host keys of 1832known hosts will be verified automatically in all cases. 1833.It Cm SyslogFacility 1834Gives the facility code that is used when logging messages from 1835.Xr ssh 1 . 1836The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1837LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1838The default is USER. 1839.It Cm TCPKeepAlive 1840Specifies whether the system should send TCP keepalive messages to the 1841other side. 1842If they are sent, death of the connection or crash of one 1843of the machines will be properly noticed. 1844However, this means that 1845connections will die if the route is down temporarily, and some people 1846find it annoying. 1847.Pp 1848The default is 1849.Cm yes 1850(to send TCP keepalive messages), and the client will notice 1851if the network goes down or the remote host dies. 1852This is important in scripts, and many users want it too. 1853.Pp 1854To disable TCP keepalive messages, the value should be set to 1855.Cm no . 1856See also 1857.Cm ServerAliveInterval 1858for protocol-level keepalives. 1859.It Cm Tunnel 1860Request 1861.Xr tun 4 1862device forwarding between the client and the server. 1863The argument must be 1864.Cm yes , 1865.Cm point-to-point 1866(layer 3), 1867.Cm ethernet 1868(layer 2), 1869or 1870.Cm no 1871(the default). 1872Specifying 1873.Cm yes 1874requests the default tunnel mode, which is 1875.Cm point-to-point . 1876.It Cm TunnelDevice 1877Specifies the 1878.Xr tun 4 1879devices to open on the client 1880.Pq Ar local_tun 1881and the server 1882.Pq Ar remote_tun . 1883.Pp 1884The argument must be 1885.Sm off 1886.Ar local_tun Op : Ar remote_tun . 1887.Sm on 1888The devices may be specified by numerical ID or the keyword 1889.Cm any , 1890which uses the next available tunnel device. 1891If 1892.Ar remote_tun 1893is not specified, it defaults to 1894.Cm any . 1895The default is 1896.Cm any:any . 1897.It Cm UpdateHostKeys 1898Specifies whether 1899.Xr ssh 1 1900should accept notifications of additional hostkeys from the server sent 1901after authentication has completed and add them to 1902.Cm UserKnownHostsFile . 1903The argument must be 1904.Cm yes , 1905.Cm no 1906or 1907.Cm ask . 1908This option allows learning alternate hostkeys for a server 1909and supports graceful key rotation by allowing a server to send replacement 1910public keys before old ones are removed. 1911.Pp 1912Additional hostkeys are only accepted if the key used to authenticate the 1913host was already trusted or explicitly accepted by the user, the host was 1914authenticated via 1915.Cm UserKnownHostsFile 1916(i.e. not 1917.Cm GlobalKnownHostsFile ) 1918and the host was authenticated using a plain key and not a certificate. 1919.Pp 1920.Cm UpdateHostKeys 1921is enabled by default if the user has not overridden the default 1922.Cm UserKnownHostsFile 1923setting and has not enabled 1924.Cm VerifyHostKeyDNS , 1925otherwise 1926.Cm UpdateHostKeys 1927will be set to 1928.Cm no . 1929.Pp 1930If 1931.Cm UpdateHostKeys 1932is set to 1933.Cm ask , 1934then the user is asked to confirm the modifications to the known_hosts file. 1935Confirmation is currently incompatible with 1936.Cm ControlPersist , 1937and will be disabled if it is enabled. 1938.Pp 1939Presently, only 1940.Xr sshd 8 1941from OpenSSH 6.8 and greater support the 1942.Qq hostkeys@openssh.com 1943protocol extension used to inform the client of all the server's hostkeys. 1944.It Cm User 1945Specifies the user to log in as. 1946This can be useful when a different user name is used on different machines. 1947This saves the trouble of 1948having to remember to give the user name on the command line. 1949.It Cm UserKnownHostsFile 1950Specifies one or more files to use for the user 1951host key database, separated by whitespace. 1952Each filename may use tilde notation to refer to the user's home directory, 1953the tokens described in the 1954.Sx TOKENS 1955section and environment variables as described in the 1956.Sx ENVIRONMENT VARIABLES 1957section. 1958The default is 1959.Pa ~/.ssh/known_hosts , 1960.Pa ~/.ssh/known_hosts2 . 1961.It Cm VerifyHostKeyDNS 1962Specifies whether to verify the remote key using DNS and SSHFP resource 1963records. 1964If this option is set to 1965.Cm yes , 1966the client will implicitly trust keys that match a secure fingerprint 1967from DNS. 1968Insecure fingerprints will be handled as if this option was set to 1969.Cm ask . 1970If this option is set to 1971.Cm ask , 1972information on fingerprint match will be displayed, but the user will still 1973need to confirm new host keys according to the 1974.Cm StrictHostKeyChecking 1975option. 1976The default is 1977.Cm no . 1978.Pp 1979See also 1980.Sx VERIFYING HOST KEYS 1981in 1982.Xr ssh 1 . 1983.It Cm VisualHostKey 1984If this flag is set to 1985.Cm yes , 1986an ASCII art representation of the remote host key fingerprint is 1987printed in addition to the fingerprint string at login and 1988for unknown host keys. 1989If this flag is set to 1990.Cm no 1991(the default), 1992no fingerprint strings are printed at login and 1993only the fingerprint string will be printed for unknown host keys. 1994.It Cm XAuthLocation 1995Specifies the full pathname of the 1996.Xr xauth 1 1997program. 1998The default is 1999.Pa /usr/X11R6/bin/xauth . 2000.El 2001.Sh PATTERNS 2002A 2003.Em pattern 2004consists of zero or more non-whitespace characters, 2005.Sq * 2006(a wildcard that matches zero or more characters), 2007or 2008.Sq ?\& 2009(a wildcard that matches exactly one character). 2010For example, to specify a set of declarations for any host in the 2011.Qq .co.uk 2012set of domains, 2013the following pattern could be used: 2014.Pp 2015.Dl Host *.co.uk 2016.Pp 2017The following pattern 2018would match any host in the 192.168.0.[0-9] network range: 2019.Pp 2020.Dl Host 192.168.0.? 2021.Pp 2022A 2023.Em pattern-list 2024is a comma-separated list of patterns. 2025Patterns within pattern-lists may be negated 2026by preceding them with an exclamation mark 2027.Pq Sq !\& . 2028For example, 2029to allow a key to be used from anywhere within an organization 2030except from the 2031.Qq dialup 2032pool, 2033the following entry (in authorized_keys) could be used: 2034.Pp 2035.Dl from=\&"!*.dialup.example.com,*.example.com\&" 2036.Pp 2037Note that a negated match will never produce a positive result by itself. 2038For example, attempting to match 2039.Qq host3 2040against the following pattern-list will fail: 2041.Pp 2042.Dl from=\&"!host1,!host2\&" 2043.Pp 2044The solution here is to include a term that will yield a positive match, 2045such as a wildcard: 2046.Pp 2047.Dl from=\&"!host1,!host2,*\&" 2048.Sh TOKENS 2049Arguments to some keywords can make use of tokens, 2050which are expanded at runtime: 2051.Pp 2052.Bl -tag -width XXXX -offset indent -compact 2053.It %% 2054A literal 2055.Sq % . 2056.It \&%C 2057Hash of %l%h%p%r. 2058.It %d 2059Local user's home directory. 2060.It %f 2061The fingerprint of the server's host key. 2062.It %H 2063The 2064.Pa known_hosts 2065hostname or address that is being searched for. 2066.It %h 2067The remote hostname. 2068.It \%%I 2069A string describing the reason for a 2070.Cm KnownHostsCommand 2071execution: either 2072.Cm ADDRESS 2073when looking up a host by address (only when 2074.Cm CheckHostIP 2075is enabled), 2076.Cm HOSTNAME 2077when searching by hostname, or 2078.Cm ORDER 2079when preparing the host key algorithm preference list to use for the 2080destination host. 2081.It %i 2082The local user ID. 2083.It %K 2084The base64 encoded host key. 2085.It %k 2086The host key alias if specified, otherwise the original remote hostname given 2087on the command line. 2088.It %L 2089The local hostname. 2090.It %l 2091The local hostname, including the domain name. 2092.It %n 2093The original remote hostname, as given on the command line. 2094.It %p 2095The remote port. 2096.It %r 2097The remote username. 2098.It \&%T 2099The local 2100.Xr tun 4 2101or 2102.Xr tap 4 2103network interface assigned if 2104tunnel forwarding was requested, or 2105.Qq NONE 2106otherwise. 2107.It %t 2108The type of the server host key, e.g. 2109.Cm ssh-ed25519 . 2110.It %u 2111The local username. 2112.El 2113.Pp 2114.Cm CertificateFile , 2115.Cm ControlPath , 2116.Cm IdentityAgent , 2117.Cm IdentityFile , 2118.Cm KnownHostsCommand , 2119.Cm LocalForward , 2120.Cm Match exec , 2121.Cm RemoteCommand , 2122.Cm RemoteForward , 2123and 2124.Cm UserKnownHostsFile 2125accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u. 2126.Pp 2127.Cm KnownHostsCommand 2128additionally accepts the tokens %f, %H, %I, %K and %t. 2129.Pp 2130.Cm Hostname 2131accepts the tokens %% and %h. 2132.Pp 2133.Cm LocalCommand 2134accepts all tokens. 2135.Pp 2136.Cm ProxyCommand 2137and 2138.Cm ProxyJump 2139accept the tokens %%, %h, %n, %p, and %r. 2140.Sh ENVIRONMENT VARIABLES 2141Arguments to some keywords can be expanded at runtime from environment 2142variables on the client by enclosing them in 2143.Ic ${} , 2144for example 2145.Ic ${HOME}/.ssh 2146would refer to the user's .ssh directory. 2147If a specified environment variable does not exist then an error will be 2148returned and the setting for that keyword will be ignored. 2149.Pp 2150The keywords 2151.Cm CertificateFile , 2152.Cm ControlPath , 2153.Cm IdentityAgent , 2154.Cm IdentityFile , 2155.Cm KnownHostsCommand , 2156and 2157.Cm UserKnownHostsFile 2158support environment variables. 2159The keywords 2160.Cm LocalForward 2161and 2162.Cm RemoteForward 2163support environment variables only for Unix domain socket paths. 2164.Sh FILES 2165.Bl -tag -width Ds 2166.It Pa ~/.ssh/config 2167This is the per-user configuration file. 2168The format of this file is described above. 2169This file is used by the SSH client. 2170Because of the potential for abuse, this file must have strict permissions: 2171read/write for the user, and not writable by others. 2172.It Pa /etc/ssh/ssh_config 2173Systemwide configuration file. 2174This file provides defaults for those 2175values that are not specified in the user's configuration file, and 2176for those users who do not have a configuration file. 2177This file must be world-readable. 2178.El 2179.Sh SEE ALSO 2180.Xr ssh 1 2181.Sh AUTHORS 2182.An -nosplit 2183OpenSSH is a derivative of the original and free 2184ssh 1.2.12 release by 2185.An Tatu Ylonen . 2186.An Aaron Campbell , Bob Beck , Markus Friedl , 2187.An Niels Provos , Theo de Raadt 2188and 2189.An Dug Song 2190removed many bugs, re-added newer features and 2191created OpenSSH. 2192.An Markus Friedl 2193contributed the support for SSH protocol versions 1.5 and 2.0. 2194